simon135 - A bear can give the nft but then get the `premium+collateral` which they shouldn't get if they are the buyer of order

[sherlock-admin]

simon135

high

A bear can give the nft but then get the premium+collateral which they shouldn't get if they are the buyer of order

Summary

A bear that pays the premium and fees can then transfer the nft and get the collateral + premium which is too many funds and then funds can be stolen

Vulnerability Detail

Since there is no indication that this is a put or call option the bear can pay the preimum+fees but they can call settleContract() with the nft and get the collateral which is more than the nft causing loss of funds because what should happen is that in this case of setttleContract the bear is the writer to give the nft but that isn't checked in settleContract. steps: Alice(bear) bob(bull) Alice takes the order and becomes the bear and pays (premium+fees) Bob pays the collateral + fees) But Alice could give the nft but getcollateral+preimumwhich doesn't make sense because Alice inmatchOrder pays thepreimum+fees` so in that case, Alice shouldn't be getting back the premium which is the incentive for the seller that the bull should get and is not getting.

Impact

This can lead to a loss of funds and the bull not getting the funds they desire and the buyer can always transfer the nfts and get Their premium back.

Code Snippet

       uint256 bearAssetAmount = order.premium + order.collateral;
        if (bearAssetAmount > 0) {
            // Transfer payment tokens to the Bear
            IERC20(order.asset).safeTransfer(bear, bearAssetAmount);
        }

https://github.com/sherlock-audit/2022-11-bullvbear/blob/main/bvb-protocol/src/BvbProtocol.sol#L449-L453

Tool used

Manual Review

Recommendation

I recommend checking that his logic is correct and making indication what action is happening and whose the writer and buyer

Duplicate of #132

[nessben]

Same as https://github.com/sherlock-audit/2022-11-bullvbear-judging/issues/132